If I show a model, is it possible that a malicious client edits the JS and loads a model that I don't want to show?

I am creating a web page where each user can view their models. I save all the models in the same folder page and depending on the user I load one model or another. By editing the code, could a client load the model of a different client?

I’ll assume “I save all the models in the same folder page” means a folder on the server? Are there any access restrictions implemented to block a user from looking outside their own folder? If not, then yes, it will be possible to look in other folders by guessing or discovery. I recommend using GUIDs for a user’s folder to reduce the risk.

1 Like
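The access restriction asked about in the reply, sketched as an added example (not code from the thread): the server decides which model file a request may load from its own session state and an ownership table keyed by GUID. The storage path, `.glb` extension, ids, user names and the function name `authorizeModelRequest` are all assumptions made for illustration.

```javascript
// Added example: server-side decision about which model file a request may load.
// MODEL_ROOT, the ".glb" extension, the ids and the user names are constructed.
const MODEL_ROOT = "/srv/models";
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;

// Ownership table kept on the server: model id (a random GUID, e.g. from
// crypto.randomUUID()) -> id of the user who owns it.
const modelOwners = new Map([
  ["3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b", "alice"],
  ["7d9e0f1a-2b3c-4d5e-9f6a-7b8c9d0e1f2a", "bob"],
]);

// sessionUserId must come from the server's own session state, never from a
// value the browser sends, because the user can edit any client-side JS.
function authorizeModelRequest(sessionUserId, requestedId) {
  if (!sessionUserId) return { status: 401 };
  const id = String(requestedId).toLowerCase();
  // Accept only well-formed GUIDs so "../" or absolute paths never reach the disk.
  if (!UUID_RE.test(id)) return { status: 400 };
  // Missing models and other users' models get the same answer, so responses
  // do not confirm which ids exist.
  if (modelOwners.get(id) !== sessionUserId) return { status: 404 };
  return { status: 200, file: `${MODEL_ROOT}/${id}.glb` };
}
```

The GUID only makes an id hard to guess; the ownership comparison is what stops one logged-in user from loading another user's model once an id has leaked.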